After Vitalik’s account was hacked, he released phishing information. Besides phishing attacks, what other ways of fund fraud should users be alert to?

After Vitalik's account was hacked, he warned about phishing attacks. What other types of fund fraud should users be cautious of?

On September 10th, Ethereum co-founder Vitalik Buterin’s X platform (formerly Twitter) account was hacked, and a phishing link was posted. The content of the link was a commemorative NFT giveaway related to Danksharding. Although the tweet was quickly deleted, the hacker still managed to steal about $700,000 in funds.

Earlier in July, Uniswap founder Hayden Adams’ X platform (formerly Twitter) account was also hacked, and a tweet with a phishing link was posted. This shows that there are still frequent security incidents such as phishing attacks in the blockchain ecosystem.

Previously, Beosin has provided a detailed analysis of phishing attacks, which you can read for more information:

UNIBOT is on fire, how to prevent phishing and fraud related to Telegram bots?

Has your signature been stolen? Be cautious if you have used Uniswap! Revealing the Permit2 signature phishing scam.

Apart from phishing attacks, there are other types of fund scams that users should be wary of. Recently, the Beosin team has discovered that exit scams and price manipulation events have also caused significant losses to users’ funds.

As blockchain technology becomes more mature, there are fewer code-related issues, leading to an increase in scams and problems in business logic. In this article, we will list some common fund security issues that have occurred recently to help users avoid being deceived.

In recent cases of exit scams and fraud, perpetrators mainly use methods such as contract backdoors and pyramid schemes to defraud funds. However, users can actually avoid these methods by understanding how contracts operate and the principles of the code. We will use recent projects as examples to explain and summarize the characteristics of such scams.

I. Considerations for project backdoors:

1. Modifying balances through privileged addresses:

Projects involved in scams usually have a privileged address that can freely mint, burn, or modify the balances of others. Such projects carry the risk of exit scams. When users use a large amount of funds to purchase project tokens, the project team can directly exchange all the valuable coins for themselves through privileged functions, causing the value of the project tokens to drop to zero.

Taking the CUZK project code as an example:

The CUZK token contract has a backdoor, where the privileged address can directly set an excessive amount of tokens to its own account, as shown in the following code:

ccviLianGuaiaaqqq() function will add a huge amount of CUZK tokens to the caller’s account, and finally check whether the caller is ciyuAdmintmrr, which is the address set by the contract creator during initialization (0xf719).

The project team added a huge amount of tokens to themselves (0xf719) by calling the ccviLianGuaiaaqqq() function.

Subsequently, the privileged address used the set token in LianGuaiir to exchange all WBNB, causing the CUZK coin price to drop to zero.

2. Hidden backdoor, indirectly adding balance

There are also some projects that do not directly manipulate the token balance of an address, but the privileged address can indirectly obtain a large number of tokens, thereby exchanging all the value coins and causing the token price to drop to zero.

Take the Flashmall project on the BNB chain as an example:

The FlashMall contract has a setPointRate function for setting the exchange rate, which can only be called by the privileged address.

This run-off event mainly consists of the following steps:

Set exchange rate -> Exchange -> Set exchange rate -> Exchange

The detailed steps are as follows:

1. The privileged address sets the rate to 10000.

2. The address 0x613C can exchange MUSD for 10 times the amount of MCoin.

3. The privileged address sets the rate to 1000.

4. The address 0x613C can exchange MCoin for the same amount of MUSD.

5. Through multiple conversions, 0x613C has acquired a large amount of MUSD, and finally exchanged all USDT.

The following is the code for the exchange between MCoin and MUSD, and the quantity is determined by pointRate.

Summary: Whether a contract has a backdoor mainly depends on whether there is a privileged function that can manipulate tokens of any address, or whether there is a privileged address token issuance logic function. In addition, if the project party holds the majority of the liquidity tokens, it may also lead to a run-off. Users can judge the risk level by checking whether the contract has abandoned the privileged address, or whether the privileged address is a normal business contract address. At the same time, it is also necessary to check whether the liquidity tokens are owned by an EOA account or a normal business contract.

II. Pixiu Project Scam

This type of project is characterized by the ability to purchase project tokens, but when users want to sell, the transaction will fail. The main manifestation of this type of scam contract code is that when the token is transferred for the first time, some contract states will be set, and then no more transfers can be made, causing users to buy tokens, set the contract states, and then unable to sell.

Take the counterfeit EDU token project as an example:

The contract address of the project is 0x4749, which is the same name as the EDU project. The token owner (0xac15) buys and sells tokens in the EDU LianGuaiir 0xE3f2 address, and sends the held tokens to Binance wallets and exchanges, creating an illusion of widespread participation (as shown in the figure below).

The following code, after the first transfer (buying coins), sets tokenGreylist[to] (to being the user’s address) to true. However, since the status of the whitelist address is not public in the code, the transfer function cannot be called again. The switch status and whitelist addresses are controlled by the owner. For users participating in the project, tokens cannot be sold by default.

Summary: The feature of the Pixiu Pan project is that it allows buying but not selling. By examining the actual logic of transfer and transferfrom, check for any mutually restrictive conditions. Those with technical conditions can locally simulate the execution of relevant functions.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Market

Solana’s Spectacular Comeback: Moons and Stumbles

In 2023, the token has increased by over four times its starting value of $10, making it a lucrative investment for F...

Blockchain

Using data to review 2019 of decentralized exchanges

Author: Alethio Translation: A Jian Source: consensys Translation source: Ethereum lovers Monero’s Community Crowdfun...

Blockchain

Alameda Engineer SBF stole my life savings

As an engineer at Alameda Research, my entire life savings were stolen by my former boss, Sam Bankman-Fried (known to...

Opinion

Amazon's participation and the skyrocketing value of AI company Anthropic become FTX's biggest hope of repaying the debt?

FTX previously invested $500 million as a lead investor in Anthropic's Series B financing round, so the expected appr...

Blockchain

The exchange is robbing the tokens, all of which are behind the interests.

Since 2019, with the launch of the first issue of the currency-raising (IEO), the “project-side tokens have be...

Blockchain

IMF urges Philippine central bank to collect crypto exchange transaction data and use data for macroeconomic analysis

According to Cointelegraph reported on January 2, the International Monetary Fund (IMF) urged the Philippine Central ...